Dictionary Attack

What is a Dictionary Attack?

A dictionary attack is a method of cracking passwords by throwing "every word in the dictionary" at a login until the password is found, usually with automation. Variations include sequential letter and number sequences. This is why many networks prevent users from choosing ordinary words as passwords, but most do not, and most users do not select hard passwords. It may seem like too much work to try thousands of words, but a program can try hundreds of them in seconds. Networks typically lock accounts after 3 or 5 attempts, but these attacks take place at a lower level of the network. Passwords that mix letters, numbers, and non-alphanumeric characters are much better. Example: $hI!My^NaMe*Is%SkIpPy! is a much harder password to crack.

Even worse than common words are number sequences like birthdays. A date is an 8-digit sequence, and even if you guessed every number sequence between 00000000 and 99999999, that is only 100 million combinations. February 14, 1968 is 02141968, which on a very ordinary computer takes 3 seconds to find with a script.

A brute force attack attempts every possible combination of letters and numbers, which can take a while.
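A password-policy check that rejects the weak choices described above (dictionary words, sequential runs, MMDDYYYY dates) and estimates the brute-force search space. This is an added example, not part of the original page; the tiny wordlist, the function names and the 50-bit threshold are assumptions chosen for illustration.

```python
import math
import re
from datetime import datetime

# Constructed sample wordlist (assumption); a real policy would load a large one.
SAMPLE_WORDS = {"password", "dragon", "skippy", "sunshine", "monkey"}
# Character classes and their sizes; 33 = printable ASCII symbols incl. space.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
MIN_BITS = 50  # assumed policy threshold, not a figure from the page

def is_sequence(pw):
    """True if every character steps by +1, or every one by -1 (abcdef, 87654321)."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def is_date(pw):
    """True if pw is 8 digits forming a real MMDDYYYY date such as 02141968."""
    if not re.fullmatch(r"[0-9]{8}", pw):
        return False
    try:
        datetime(int(pw[4:]), int(pw[:2]), int(pw[2:4]))
        return True
    except ValueError:  # month 13, February 30, year 0000, ...
        return False

def keyspace_bits(pw):
    """log2 of the number of guesses needed to exhaust the classes pw uses."""
    size = sum(n for pattern, n in CLASSES if re.search(pattern, pw))
    return len(pw) * math.log2(size) if size else 0.0

def check_password(pw, words=SAMPLE_WORDS):
    """Return the reasons a candidate password should be rejected (empty = accept)."""
    reasons = []
    if pw.lower() in words:
        reasons.append("dictionary word")
    if is_sequence(pw.lower()):
        reasons.append("sequential characters")
    if is_date(pw):
        reasons.append("date")
    if keyspace_bits(pw) < MIN_BITS:
        reasons.append("small search space")
    return reasons
```

For 02141968 the estimate is about 26.6 bits, which is the 100 million combinations mentioned above; the mixed-class example password comes out near 141 bits.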

Securing Passwords Against Dictionary Attacks (PDF)

